Tips for cyber security and your IT Policy
Tips for cyber security are almost everywhere on the internet, and that makes sense, because cyber security is important for every organisation. Whether you work in a private company, an NGO, or a public institution, cyber security will always be crucial. When it comes to cyber security, you can consider your employees your human firewall. They can help prevent unauthorized people from gaining access to the organisation’s IT systems and programs. Safety is a top priority when flying a plane, and cyber security must likewise be a top priority when running businesses and public institutions. Not prioritising it is too expensive, because the security of the organisation’s data and systems is vital for its existence and image. In this article you can get advice both on which cyber security course to provide for your employees and on cyber security in general.
MOCH's top 10 tips for cyber security
- Get reliable antivirus software for the entire organisation
- Use a firewall – both a technical one as well as the human one
- Educate and train your employees
- Require action and reports from your employees
- Back up business-critical files and systems
- Create strong passwords and update them regularly
- Encrypt your wireless network and emails
- Create a contingency plan
- Make sure your employees follow the IT policy
- Ensure good cyber security at the home offices
1. Get reliable antivirus software for the entire organisation and make sure to keep it updated
You probably already know this, but antivirus software is crucial when building a safety net that protects the organisation against cyber attacks.
2. Use a Firewall to Deny Access to the Organisation's IT systems, Programs and Data
Use the technical firewall to keep unauthorized people away from the organisation’s systems, networks and programs. Strengthen your human firewall with awareness training that makes you and your employees aware of when to react if anything suspicious occurs. With training you will learn how to spot the warning signs before it is too late.
3. Educate and train your employees
When employees have access to IT systems and programs that contain data that is valuable to the organisation, it places great demands on security.
Studies show that Danish corporations and organisations do not immediately fear hacker attacks. However, there is still reason to view them as a potential threat.
According to numbers from Danmarks Statistik, 31% of Danish companies (with 250+ employees) experienced cyber security breaches in 2019. Compared to 2018, this is a 27% increase in large firms experiencing cyber security breaches.
“We know that some of the Danish corporations are vulnerable to cyber security incidents. They can have far-reaching consequences for the respective corporation and for their employees.”
How do you train your employees in cyber security in your company, organisation, or NGO? You can book a demo-session of our awareness training and get an overview of the content and quality.
Effective cyber security training
The way you train your employees in cyber security has a crucial impact on how aware they are afterwards. Our awareness training has a proven learning effect that can create great value in your organisation. Through engaging, practice-based cases, the most important cyber security subjects are clarified. The final test results in a certificate that is given when the participant answers enough questions correctly. Continuous training in cyber security is also proven to have a good effect. Therefore, we have recertification on our awareness training courses that automatically reminds the participants to take the training after a year. We also offer microlearning modules so you can send out separate modules during the year. The modules about phishing and CEO fraud are especially relevant before holiday seasons.
If you think training your employees with cyber security courses sounds like a good solution, then start the dialogue with us today!
4. Require action and reports from your employees
Hackers and other cybercriminals who intend to gain access to your organisation’s IT systems use increasingly advanced methods. Some organisations experience infected USB sticks being thrown in front of their buildings. The hackers want people to pick them up and insert them in a computer, thinking a colleague lost them. Other organisations are victims of social engineering attempts where cybercriminals claim to be, for example, the CEO. If something suspicious happens, your employees should react fast and report it to you and the IT department.
5. Never Forget to Back-Up Business-Critical Files and Systems
Security information management is also an important field when it comes to IT security. Once business-critical information gets into the wrong hands it can have fatal consequences.
Imagine the following scenario: You sit and resent the fact that you did not make a backup before your organisation was hacked and unauthorized people denied you access to business-critical files and systems. You know this situation could have been avoided if you had a fixed backup procedure. Start today or keep up the good work – of course, you are one of those who always make sure that backups are taken. It pays off.
6. Make Sure Your Employees Create Strong Passwords That Are Updated Regularly
As you know, strong passwords are a good basis for preventing unauthorized people from gaining access to data, IT systems, programs, and networks. Therefore, it may come as a surprise that the most common weak passwords are still used by many. Guessing a password that, e.g., only consists of 6 letters can be easy. Reusing the same password in multiple places is also very common, and this is a direct danger to IT security. Once the wrong people gain access to one of the sites, your password can be misused elsewhere.
You can share this article with your employees; among other things, it covers how to create strong passwords.
7. Encrypt Your Wireless Network and Emails That Contain Personal Information
If unauthorized people gain access to your network, there is also a risk of them accessing your programs, systems and personal information. It can have major consequences if it is not discovered that someone has gained access to your networks and systems. It allows the cybercriminals to nose about your data for a long time. Did you know that it takes 229 days on average before a security breach is noticed?
This is why you should encrypt your wireless network and generally make access as difficult as possible. This also applies to the physical storage of routers and other IT equipment.
It also matters how you encrypt the emails that leave your network, at least those containing personal information or business-critical information, e.g. regarding strategy. By encrypting them, you can avoid unauthorized access to the information.
8. Have a contingency plan ready
It is crucial that you have a plan ready to protect your IT infrastructure in unexpected situations. In a survey, more than 50% of the IT departments in Danish corporations answered that they did not have a crisis plan when the Covid-19 crisis hit.
A pandemic as a threat to cyber security
With the change in working conditions and more people working from home, new risks also follow. The global pandemic has caused a new problem: e-mail fraud where hackers pretend to send information about Covid-19. This demands good IT security and cyber awareness amongst your employees. A study shows that around 86% of the IT departments in Danish corporations were exposed to an increased number of cyberattacks during the first part of the pandemic.
9. Make Your Employees Read and Follow The IT Policy and Create IT Governance
It is important that your employees know and follow the guidelines of the IT security policy. This is often not prioritized in a busy everyday life where convenience sometimes prevails over safety. For instance, an employee may respond to a confidential email from their private email address after working hours because the work email is not installed on the employee’s own smartphone.
The Neglected IT Security Policy
Most organisations have an IT security policy that informs you on how you as an employee protect the organisation’s programs, data, and IT systems. However, the IT security policy often ends up being forgotten in a drawer under the desk to collect dust. It can be challenging to get your employees to read the organisation’s IT security policy and act accordingly. Therefore, we have created a solution where employees gain knowledge about cyber security using a well-proven learning method. They will understand the most important things regarding their activities on the internet whilst being responsible for protecting the organisation’s data. MOCH offers a solution where the IT policy is placed at the beginning of the awareness training so all employees must download and read it. Afterwards, they must confirm that they have read it and will follow it. This creates a larger focus on the IT security policy and emphasizes the importance of following it.
Employees navigating the internet pose a risk of potential attacks aimed at the organisation. Attacks can be targeted through networks, programs, and IT systems. Some attacks happen via phishing emails, CEO fraud, breaches of the organisation’s firewall or inadequate use of antivirus. The lack of backup of data, which is critical for the organisation to run its business and fulfil its purpose, is a subject that needs more attention. In some organisations, there is an insufficient focus on ongoing updating procedures for the IT systems and programs. In addition, lack of advice on usage of the organisation’s information in critical situations is seen as an important thing to improve.
10. Ensure that good cyber security is also maintained when your employees work from home
Cyber security when working from home is just as important as when your employees are at the office. The things you and your employees should be aware of whilst working from home are:
- Use a VPN connection.
- Lock your computer when leaving it.
- Update your systems and programs.
- If you are asked to transfer money or install a program via email, then you should do a check call to ensure the information is correct.
You can read more good advice on cyber security when working from home in this article.
In our cyber security awareness training, we have a module about cyber security when working from the home office. If you want an overview of the other modules in our awareness training, you can order our fact sheet or book a demo-session.
FAQ about cyber security
A “man in the middle attack” is when a hacker impersonates each of two parties to the other. Both parties believe that they are communicating with the other party. The hacker gains access to both systems belonging to the respective parties and controls the communication between them. With tools that make it possible to change identity, e.g. voice imitation or deep fake video, it can be harder to figure out who you are communicating with via video or phone call.
A firewall is software that protects against unauthorized access to a network, e.g. in an organisation or privately.
Cyber security is about having procedures for how you behave safely on the internet and how to protect data and IT systems. Read more in our article “Worth knowing about IT security”.
Antivirus is software designed to detect and remove threats such as viruses, malware, ransomware and spyware.
Cyber security is important because your knowledge and your actions are what makes a difference. By having this knowledge you can protect data, systems, and people from being exposed to cybercrime and fraud.
An IT security policy is a set of guidelines that everyone in a company, organisation or NGO must follow to protect the company’s information, systems and employees.
You can download a template for an IT security policy on sikkerdigital.dk.
The IT manager, also known as the CISO (Chief Information Security Officer), is responsible for a corporation’s IT security. We believe that safety is everyone’s responsibility. That is why our awareness training encourages everyone to do what they can to maintain good IT security. We also encourage everyone to act if they experience anything suspicious.